[opensuse-support] Where is systemd-logind device access configured?
Hi list,
as in the topic - I try to figure out where the rules are set by which systemd-logind grants access to devices like sound and video.
The issue is that after some update, /dev/nvidia* is no longer treated by it, so stays unaccessible to users other than root:video. It does work for /dev/snd/* and /dev/dri/card*, just not for /dev/nvidia*
Any hints?
--
To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-support+owner@opensuse.org
05.02.2020 16:11, Peter Suetterlin wrote:
> Hi list,
> as in the topic - I try to figure out where the rules are set by which systemd-logind grants access to devices like sound and video.
> The issue is that after some update, /dev/nvidia* is no longer treated by it, so stays unaccessible to users other than root:video. It does work for /dev/snd/* and /dev/dri/card*, just not for /dev/nvidia*
> Any hints?
udev rules add tag uaccess and later udev runs uaccess builtin if device has this tag.
ENV{ID_MAKER_TOOL}=="?*", TAG+="uaccess"
and later
TAG=="uaccess", ENV{MAJOR}!="", RUN{builtin}+="uaccess"
Probably tag is not added to nVidia nodes.
On Wednesday, 5 February 2020, 19:19:46 CET, Andrei Borzenkov wrote:
> 05.02.2020 16:11, Peter Suetterlin wrote:
> > Hi list,
> > as in the topic - I try to figure out where the rules are set by which systemd-logind grants access to devices like sound and video.
> > The issue is that after some update, /dev/nvidia* is no longer treated by it, so stays unaccessible to users other than root:video. It does work for /dev/snd/* and /dev/dri/card*, just not for /dev/nvidia*
> > Any hints?
> udev rules add tag uaccess and later udev runs uaccess builtin if device has this tag.
> ENV{ID_MAKER_TOOL}=="?*", TAG+="uaccess"
> and later
> TAG=="uaccess", ENV{MAJOR}!="", RUN{builtin}+="uaccess"
> Probably tag is not added to nVidia nodes.
Since nvidia drivers do not even touch anything udev, this is the missing part. The device nodes are set up in /etc/modprobe.d/50-nvidia-default.conf:
options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=484 NVreg_DeviceFileMode=0660
install nvidia PATH=$PATH:/bin:/usr/bin; if /sbin/modprobe --ignore-install nvidia; then if /sbin/modprobe nvidia_uvm; then if [ ! -c /dev/nvidia-uvm ]; then mknod -m 660 /dev/nvidia-uvm c $(cat /proc/devices | while read major device; do if [ "$device" == "nvidia-uvm" ]; then echo $major; break; fi ; done) 0; chown :video /dev/nvidia-uvm; fi; fi; if [ ! -c /dev/nvidiactl ]; then mknod -m 660 /dev/nvidiactl c 195 255; chown :video /dev/nvidiactl; fi; devid=-1; for dev in $(ls -d /sys/bus/pci/devices/*); do vendorid=$(cat $dev/vendor); if [ "$vendorid" == "0x10de" ]; then class=$(cat $dev/class); classid=${class%%00}; if [ "$classid" == "0x0300" -o "$classid" == "0x0302" ]; then devid=$((devid+1)); if [ ! -c /dev/nvidia${devid} ]; then mknod -m 660 /dev/nvidia${devid} c 195 ${devid}; chown :video /dev/nvidia${devid}; fi; fi; fi; done; /sbin/modprobe nvidia_drm; if [ ! -c /dev/nvidia-modeset ]; then mknod -m 660 /dev/nvidia-modeset c 195 254; chown :video /dev/nvidia-modeset; fi; fi
I wonder, how this could ever work without video membership.
Cheers,
Pete
Andrei Borzenkov wrote:
> udev rules add tag uaccess and later udev runs uaccess builtin if device has this tag.
> ENV{ID_MAKER_TOOL}=="?*", TAG+="uaccess"
> and later
> TAG=="uaccess", ENV{MAJOR}!="", RUN{builtin}+="uaccess"
> Probably tag is not added to nVidia nodes.
YES!! Thanks so much - that is indeed the source of the trouble!
So I ran a recursive grep for uaccess on the (working) snapshot and found /usr/lib/tmpfiles.d/nvidia-logind-acl-trick.conf:
L /run/udev/static_node-tags/uaccess/nvidiactl - - - - /dev/nvidiactl
L /run/udev/static_node-tags/uaccess/nvidia-uvm - - - - /dev/nvidia-uvm
L /run/udev/static_node-tags/uaccess/nvidia-modeset - - - - /dev/nvidia-modeset
L /run/udev/static_node-tags/uaccess/nvidia0 - - - - /dev/nvidia0
rpm says it doesn't belong to any package, but the scripts of the kernel module package, nvidia-gfxG04-kmp-default-390.132_k5.3.12_2-6.30.x86_64, did remove it upon uninstall:
lux:/ # rpm -q --scripts nvidia-gfxG04-kmp-default-390.132_k5.3.12_2-6.30.x86_64 | grep -B 1 nvidia-logind
# cleanup of bnc# 1000625
rm -f /usr/lib/tmpfiles.d/nvidia-logind-acl-trick.conf
The current system does *not* have this file anymore. And interestingly enough, those lines are also in the postuninstall scriptlet of the new package, nvidia-gfxG05-kmp-default. So it somehow seems deprecated?
Anyhow, I'll keep it alive manually and hope that it really fixes the issue (too tired to try it right away....)
Thanks again for leading me the right way!
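An added example, not part of any post in this thread: the modprobe configuration quoted above creates one /dev/nvidia${devid} node per GPU, while the tmpfiles.d file lists fixed names, so a check like the following shows which nodes would be left without the static uaccess tag and so get no per-session ACL from logind. The function names, the temporary file and the second GPU node /dev/nvidia1 are assumptions made for illustration; the sample file content is constructed from the four lines quoted in the post.

```shell
#!/bin/sh
# Constructed sample: the four lines quoted from nvidia-logind-acl-trick.conf.
sample_conf() {
cat <<'EOF'
L /run/udev/static_node-tags/uaccess/nvidiactl - - - - /dev/nvidiactl
L /run/udev/static_node-tags/uaccess/nvidia-uvm - - - - /dev/nvidia-uvm
L /run/udev/static_node-tags/uaccess/nvidia-modeset - - - - /dev/nvidia-modeset
L /run/udev/static_node-tags/uaccess/nvidia0 - - - - /dev/nvidia0
EOF
}

TAGDIR=/run/udev/static_node-tags/uaccess/

# uaccess_nodes FILE...: print the device nodes that tmpfiles.d "L" (symlink)
# lines register under the static uaccess tag directory.
# tmpfiles.d fields: type, path, mode, user, group, age, argument (link target).
uaccess_nodes() {
    awk -v dir="$TAGDIR" \
        '$1 ~ /^L/ && NF >= 7 && index($2, dir) == 1 { print $7 }' "$@" | sort -u
}

# missing_uaccess FILE NODE...: print each NODE that FILE does not tag.
missing_uaccess() {
    _conf=$1; shift
    _tagged=$(uaccess_nodes "$_conf")
    for _node in "$@"; do
        printf '%s\n' "$_tagged" | grep -qxF -- "$_node" || printf '%s\n' "$_node"
    done
}

# Demo on the constructed sample; /dev/nvidia1 stands for a hypothetical second GPU.
demo_conf=$(mktemp)
sample_conf > "$demo_conf"
missing_uaccess "$demo_conf" /dev/nvidiactl /dev/nvidia-uvm \
    /dev/nvidia-modeset /dev/nvidia0 /dev/nvidia1
rm -f "$demo_conf"

# On a live system the same check would be run as:
#   missing_uaccess /usr/lib/tmpfiles.d/nvidia-logind-acl-trick.conf /dev/nvidia*
```

Nodes reported here stay reachable only through the root:video ownership and 0660 mode set by the modprobe options; `getfacl` on a node shows whether a session ACL was actually applied.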